1. Field
The invention relates generally to collaboration amongst peer entities within a communications network and more specifically to validation of other untrusted nodes within the communications network based on authentication of those nodes or detection of unauthorized activity facilitated by such collaboration between trusted peer entities.
2. Background
Modern enterprise networks are designed and architected for client/server computing, as well as peer to peer communication. A host computing machine may attach itself to a modern enterprise network and establish itself on the enterprise utilizing no more than a non-authenticated physical connection. Specifically, an untrusted host computing machine with physical access to an enterprise network can attach and monitor for “typical” network behavior, as well as specific authentication criteria that could allow a malicious individual(s) to gain access the resources of the given enterprise network. In many cases it is not possible for the physical hardware responsible for both the security and business continuity of the enterprise network to determine which host(s) or peers should or should not be present and accessing network resources.
A computing host that has been classified as “non-authentic” (e.g., a rogue machine, unidentified machine, or a machine that has some type of malicious functionality installed on it) should be removed from the enterprise if possible or, at a minimum, provided with very limited services and access to the enterprise resources. An approach that allows for categorical denial of a “non-authentic” peer to access, impact, or otherwise effect the enterprise network would be useful in such a situation.
A need therefore exists for a software arrangement and process that is capable of allowing trusted entities within a communications network to collaborate with each other to determine whether a particular activity should be permitted or not. In one case, a need exists for allowing trusted nodes within a communications network to collaborate with each other to determine whether an untrusted node may be trusted. In another case, a need exists for allowing trusted components of a virtual machine to collaborate in determining whether communications to or from a given node should be permitted or whether there are security vulnerabilities are being exploited (or attempting to be exploited) on that node. A need further exists for the ability to directly insert a driver into a virtual machine file of either a trusted or untrusted node.